
Commit d6c8d72

author
Kate Osborn
committed
Check for port conflicts across protocols
1 parent 35ff0c3 commit d6c8d72


2 files changed

+92
-32
lines changed


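--- a/internal/state/graph/gateway_listener.go
+++ b/internal/state/graph/gateway_listener.go
@@ -68,6 +68,8 @@ func newListenerConfiguratorFactory(
 gw *v1beta1.Gateway,
 secretMemoryMgr secrets.SecretDiskMemoryManager,
 ) *listenerConfiguratorFactory {
+sharedHostnameConflictResolver := createHostnameConflictResolver()
+
 return &listenerConfiguratorFactory{
 unsupportedProtocol: &listenerConfigurator{
 validators: []listenerValidator{
@@ -89,7 +91,7 @@ func newListenerConfiguratorFactory(
 validateHTTPListener,
 },
 conflictResolvers: []listenerConflictResolver{
-createHostnameConflictResolver(),
+sharedHostnameConflictResolver,
 },
 },
 https: &listenerConfigurator{
@@ -100,7 +102,7 @@ func newListenerConfiguratorFactory(
 createHTTPSListenerValidator(gw.Namespace),
 },
 conflictResolvers: []listenerConflictResolver{
-createHostnameConflictResolver(),
+sharedHostnameConflictResolver,
 },
 externalReferenceResolvers: []listenerExternalReferenceResolver{
 createExternalReferencesForTLSSecretsResolver(gw.Namespace, secretMemoryMgr),
@@ -388,7 +390,8 @@ func createExternalReferencesForTLSSecretsResolver(
 // GetAllowedRouteLabelSelector returns a listener's AllowedRoutes label selector if it exists.
 func GetAllowedRouteLabelSelector(l v1beta1.Listener) *metav1.LabelSelector {
 if l.AllowedRoutes != nil && l.AllowedRoutes.Namespaces != nil {
-if *l.AllowedRoutes.Namespaces.From == v1beta1.NamespacesFromSelector && l.AllowedRoutes.Namespaces.Selector != nil {
+if *l.AllowedRoutes.Namespaces.From == v1beta1.NamespacesFromSelector &&
+l.AllowedRoutes.Namespaces.Selector != nil {
 return l.AllowedRoutes.Namespaces.Selector
 }
 }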
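Review bot: The declaration of `sharedHostnameConflictResolver` in newListenerConfiguratorFactory carries no comment saying that handing the same instance to both the `http` and `https` configurators is deliberate. createHostnameConflictResolver is defined outside these hunks; it presumably returns a closure that remembers the listeners it has already seen, in which case reverting to one call per protocol would still compile and would silently let an HTTP and an HTTPS listener claim the same hostname and port again. I would add above the declaration: `// Shared on purpose: the http and https configurators must use one resolver instance so that conflicts across protocols are detected.` The name still says "hostname" while the commit is about port conflicts, so if the resolver also keys on the port, `sharedConflictResolver` would describe it better. The function body continues outside the hunks shown.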

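--- a/internal/state/graph/gateway_test.go
+++ b/internal/state/graph/gateway_test.go
@@ -215,23 +215,26 @@ func TestBuildGateway(t *testing.T) {
 createHTTPSListener := func(name, hostname string, port int, tls *v1beta1.GatewayTLSConfig) v1beta1.Listener {
 return createListener(name, hostname, port, v1beta1.HTTPSProtocolType, tls)
 }
+
 // foo http listeners
 foo80Listener1 := createHTTPListener("foo-80-1", "foo.example.com", 80)
 foo80Listener2 := createHTTPListener("foo-80-2", "foo.example.com", 80)
 foo8080Listener := createHTTPListener("foo-8080", "foo.example.com", 8080)
 foo8081Listener := createHTTPListener("foo-8081", "foo.example.com", 8081)
+foo443Listener := createHTTPListener("foo-443", "foo.example.com", 443)
 
 // foo https listeners
-foo443Listener1 := createHTTPSListener("foo-443-1", "foo.example.com", 443, gatewayTLSConfig)
-foo443Listener2 := createHTTPSListener("foo-443-2", "foo.example.com", 443, gatewayTLSConfig)
-foo8443Listener := createHTTPSListener("foo-8443", "foo.example.com", 8443, gatewayTLSConfig)
+foo80HTTPSListener := createHTTPSListener("foo-80-https", "foo.example.com", 80, gatewayTLSConfig)
+foo443HTTPSListener1 := createHTTPSListener("foo-443-https-1", "foo.example.com", 443, gatewayTLSConfig)
+foo443HTTPSListener2 := createHTTPSListener("foo-443-https-2", "foo.example.com", 443, gatewayTLSConfig)
+foo8443HTTPSListener := createHTTPSListener("foo-8443-https", "foo.example.com", 8443, gatewayTLSConfig)
 
 // bar http listener
 bar80Listener := createHTTPListener("bar-80", "bar.example.com", 80)
 
 // bar https listeners
-bar443Listener := createHTTPSListener("bar-443", "bar.example.com", 443, gatewayTLSConfig)
-bar8443Listener := createHTTPSListener("bar-8443", "bar.example.com", 8443, gatewayTLSConfig)
+bar443HTTPSListener := createHTTPSListener("bar-443-https", "bar.example.com", 443, gatewayTLSConfig)
+bar8443HTTPSListener := createHTTPSListener("bar-8443-https", "bar.example.com", 8443, gatewayTLSConfig)
 
 // invalid listeners
 invalidProtocolListener := createTCPListener("invalid-protocol", "bar.example.com", 80)
@@ -316,19 +319,21 @@ func TestBuildGateway(t *testing.T) {
 name: "valid http listeners",
 },
 {
-gateway: createGateway(gatewayCfg{listeners: []v1beta1.Listener{foo443Listener1, foo8443Listener}}),
+gateway: createGateway(
+gatewayCfg{listeners: []v1beta1.Listener{foo443HTTPSListener1, foo8443HTTPSListener}},
+),
 gatewayClass: validGC,
 expected: &Gateway{
 Source: getLastCreatedGetaway(),
 Listeners: map[string]*Listener{
-"foo-443-1": {
-Source: foo443Listener1,
+"foo-443-https-1": {
+Source: foo443HTTPSListener1,
 Valid: true,
 Routes: map[types.NamespacedName]*Route{},
 SecretPath: secretPath,
 },
-"foo-8443": {
-Source: foo8443Listener,
+"foo-8443-https": {
+Source: foo8443HTTPSListener,
 Valid: true,
 Routes: map[types.NamespacedName]*Route{},
 SecretPath: secretPath,
@@ -479,11 +484,11 @@ func TestBuildGateway(t *testing.T) {
 foo80Listener1,
 foo8080Listener,
 foo8081Listener,
-foo443Listener1,
-foo8443Listener,
+foo443HTTPSListener1,
+foo8443HTTPSListener,
 bar80Listener,
-bar443Listener,
-bar8443Listener,
+bar443HTTPSListener,
+bar8443HTTPSListener,
 },
 },
 ),
@@ -511,26 +516,26 @@ func TestBuildGateway(t *testing.T) {
 Valid: true,
 Routes: map[types.NamespacedName]*Route{},
 },
-"foo-443-1": {
-Source: foo443Listener1,
+"foo-443-https-1": {
+Source: foo443HTTPSListener1,
 Valid: true,
 Routes: map[types.NamespacedName]*Route{},
 SecretPath: secretPath,
 },
-"foo-8443": {
-Source: foo8443Listener,
+"foo-8443-https": {
+Source: foo8443HTTPSListener,
 Valid: true,
 Routes: map[types.NamespacedName]*Route{},
 SecretPath: secretPath,
 },
-"bar-443": {
-Source: bar443Listener,
+"bar-443-https": {
+Source: bar443HTTPSListener,
 Valid: true,
 Routes: map[types.NamespacedName]*Route{},
 SecretPath: secretPath,
 },
-"bar-8443": {
-Source: bar8443Listener,
+"bar-8443-https": {
+Source: bar8443HTTPSListener,
 Valid: true,
 Routes: map[types.NamespacedName]*Route{},
 SecretPath: secretPath,
@@ -543,7 +548,12 @@ func TestBuildGateway(t *testing.T) {
 {
 gateway: createGateway(
 gatewayCfg{
-listeners: []v1beta1.Listener{foo80Listener1, foo80Listener2, foo443Listener1, foo443Listener2},
+listeners: []v1beta1.Listener{
+foo80Listener1,
+foo80Listener2,
+foo443HTTPSListener1,
+foo443HTTPSListener2,
+},
 },
 ),
 gatewayClass: validGC,
@@ -562,14 +572,61 @@ func TestBuildGateway(t *testing.T) {
 Routes: map[types.NamespacedName]*Route{},
 Conditions: conditions.NewListenerConflictedHostname(conflictedHostnamesMsg),
 },
-"foo-443-1": {
-Source: foo443Listener1,
+"foo-443-https-1": {
+Source: foo443HTTPSListener1,
+Valid: false,
+Routes: map[types.NamespacedName]*Route{},
+Conditions: conditions.NewListenerConflictedHostname(conflictedHostnamesMsg),
+SecretPath: "/etc/nginx/secrets/test_secret",
+},
+"foo-443-https-2": {
+Source: foo443HTTPSListener2,
 Valid: false,
 Routes: map[types.NamespacedName]*Route{},
 Conditions: conditions.NewListenerConflictedHostname(conflictedHostnamesMsg),
 SecretPath: "/etc/nginx/secrets/test_secret",
-}, "foo-443-2": {
-Source: foo443Listener2,
+},
+},
+Valid: true,
+},
+name: "collisions; same hostname, port, and protocol",
+},
+{
+gateway: createGateway(
+gatewayCfg{
+listeners: []v1beta1.Listener{
+foo80Listener1,
+foo443Listener,
+foo80HTTPSListener,
+foo443HTTPSListener1,
+},
+},
+),
+gatewayClass: validGC,
+expected: &Gateway{
+Source: getLastCreatedGetaway(),
+Listeners: map[string]*Listener{
+"foo-80-1": {
+Source: foo80Listener1,
+Valid: false,
+Routes: map[types.NamespacedName]*Route{},
+Conditions: conditions.NewListenerConflictedHostname(conflictedHostnamesMsg),
+},
+"foo-443": {
+Source: foo443Listener,
+Valid: false,
+Routes: map[types.NamespacedName]*Route{},
+Conditions: conditions.NewListenerConflictedHostname(conflictedHostnamesMsg),
+},
+"foo-80-https": {
+Source: foo80HTTPSListener,
+Valid: false,
+Routes: map[types.NamespacedName]*Route{},
+Conditions: conditions.NewListenerConflictedHostname(conflictedHostnamesMsg),
+SecretPath: "/etc/nginx/secrets/test_secret",
+},
+"foo-443-https-1": {
+Source: foo443HTTPSListener1,
 Valid: false,
 Routes: map[types.NamespacedName]*Route{},
 Conditions: conditions.NewListenerConflictedHostname(conflictedHostnamesMsg),
@@ -578,12 +635,12 @@ func TestBuildGateway(t *testing.T) {
 },
 Valid: true,
 },
-name: "collisions",
+name: "collisions; same hostname and port but different protocols",
 },
 {
 gateway: createGateway(
 gatewayCfg{
-listeners: []v1beta1.Listener{foo80Listener1, foo443Listener1},
+listeners: []v1beta1.Listener{foo80Listener1, foo443HTTPSListener1},
 addresses: []v1beta1.GatewayAddress{{}},
 },
 ),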
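Review bot: The added case "collisions; same hostname and port but different protocols" only combines listeners that all use `foo.example.com`, so nothing pins what happens when an HTTP and an HTTPS listener with different hostnames share a port, for example a `bar.example.com` HTTP listener on 443 next to `foo443HTTPSListener1`. Whether that pair should conflict cannot be told from the hunks shown, since the resolver lives in another file, but a case for it would record the intended answer for a plaintext listener landing on a TLS port. The new expectations also repeat the literal `"/etc/nginx/secrets/test_secret"` where the valid-listener cases use `secretPath`; if both hold the same value, `SecretPath: secretPath,` keeps them in step. TestBuildGateway starts and ends outside these hunks.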
